International Virtual Observatory Alliance

Difference: GroupMembershipService (1 vs. 10)

Revision 102021-08-25 - GiulianoTaffoni

Changed:

<
<

META TOPICPARENT	name="IvoaGridAndWebServices"

>
>

META TOPICPARENT	name="SecurityHome"

Group Membership Service Working Draft

TOC

Group Membership Service Working Draft

Working Draft

The most recent published Working Draft can be found here: Group Membership Service

Comments from the community to be considered

The idea at the bottom of p9 is worth exploring... identity=x509:?? -- PatrickDowler - 2018-11-06

In the section describing possible future enhancements, specifically a way to manage groups, references should be made to the IETF RFCs 7642, 7643, and 7644, which make up the SCIM (System for Cross-Identity management). These RFCs were brought to my attention by MathieuServillat -- BrianMajor - 2019-03-22

Comments accepted and applied to the non-published version of the working draft

all currently in the published version

Comments accepted and applied to the latest, published working draft

Why the fixed /gms part of he path? Just to give the group uri scheme some recognisability? We could also go vospace style , eg gms://authority/path?group to get that but with simpler extraction if the resource ID... I think path restriction will rub people the wrong way. It really means it is hard to embed gms capabilities into other existing services where you already chose the resource id -- PatrickDowler - 2018-11-06
- +1 for me on the gms:// schema solution. It leaves the local part of the IVOID (URI) opaque as it should and free-to-manage by the providers. -- MarcoMolinaro - 2018-11-07
  - I've changed the gms ivoid to be in the gms:// form suggested above. -- BrianMajor - 2019-03-22
  - This has been changed back to a IVOID (ivo scheme) but without a fixed path -- BrianMajor - 2019-04-26

I think user and principal are misleading param names; user is a collection of identities so maybe identity would be better. I'm not sure how the term principal is used outside the java APIs, but I would thing identiyType or idType would make this more clear.
- The two optional parameters have been renamed 'identity' and 'identityType' . -- BrianMajor - 2019-03-22

Paraphrased from an email from MarkTaylor: the use of 403 as the response code to indicate non-membership doesn't seem correct.
- I agree and have changed the API definition of GET to /search/groups/{group} to simply return an empty list of groups and 200 (OK) to mirror the API for GET to /search/groups -- BrianMajor - 2019-03-22

Paraphrased from an email from MarkTaylor: the existence of both a functional and REST definition of the GMS API is confusing.
- Okay, thanks. I think I will put the API in tabular format instead and hopefully that will help clarify that section. -- BrianMajor - 2019-03-22
  - Now in a table. BrianMajor - 2019-03-29

Corrections and edits to the Group Identifiers section including the registry lookup based on feedback from Mark Taylor and Marcus Demleitner. -- BrianMajor - 20190426

<-- 
 
 
 Set ALLOWTOPICRENAME = TWikiAdminGroup
 
 
-->

META FILEATTACHMENT	attachment="GMS.pdf" attr="h" comment="This version is out-of-date" date="1540513030" name="GMS.pdf" path="GMS.pdf" size="354666" user="BrianMajor" version="1"

Revision 92019-04-26 - BrianMajor

META TOPICPARENT	name="IvoaGridAndWebServices"

Group Membership Service Working Draft

TOC

Group Membership Service Working Draft

Working Draft

The most recent published Working Draft can be found here: Group Membership Service

Comments from the community to be considered

The idea at the bottom of p9 is worth exploring... identity=x509:?? -- PatrickDowler - 2018-11-06

In the section describing possible future enhancements, specifically a way to manage groups, references should be made to the IETF RFCs 7642, 7643, and 7644, which make up the SCIM (System for Cross-Identity management). These RFCs were brought to my attention by MathieuServillat -- BrianMajor - 2019-03-22

Comments accepted and applied to the non-published version of the working draft

all currently in the published version

Comments accepted and applied to the latest, published working draft

Why the fixed /gms part of he path? Just to give the group uri scheme some recognisability? We could also go vospace style , eg gms://authority/path?group to get that but with simpler extraction if the resource ID... I think path restriction will rub people the wrong way. It really means it is hard to embed gms capabilities into other existing services where you already chose the resource id -- PatrickDowler - 2018-11-06
- +1 for me on the gms:// schema solution. It leaves the local part of the IVOID (URI) opaque as it should and free-to-manage by the providers. -- MarcoMolinaro - 2018-11-07
  - I've changed the gms ivoid to be in the gms:// form suggested above. -- BrianMajor - 2019-03-22

Added:

>
>

- - This has been changed back to a IVOID (ivo scheme) but without a fixed path -- BrianMajor - 2019-04-26

I think user and principal are misleading param names; user is a collection of identities so maybe identity would be better. I'm not sure how the term principal is used outside the java APIs, but I would thing identiyType or idType would make this more clear.
- The two optional parameters have been renamed 'identity' and 'identityType' . -- BrianMajor - 2019-03-22

Paraphrased from an email from MarkTaylor: the use of 403 as the response code to indicate non-membership doesn't seem correct.
- I agree and have changed the API definition of GET to /search/groups/{group} to simply return an empty list of groups and 200 (OK) to mirror the API for GET to /search/groups -- BrianMajor - 2019-03-22

Paraphrased from an email from MarkTaylor: the existence of both a functional and REST definition of the GMS API is confusing.
- Okay, thanks. I think I will put the API in tabular format instead and hopefully that will help clarify that section. -- BrianMajor - 2019-03-22
  - Now in a table. BrianMajor - 2019-03-29

Added:

>
>

Corrections and edits to the Group Identifiers section including the registry lookup based on feedback from Mark Taylor and Marcus Demleitner. -- BrianMajor - 20190426

<-- 
 
 
 Set ALLOWTOPICRENAME = TWikiAdminGroup
 
 
-->

META FILEATTACHMENT	attachment="GMS.pdf" attr="h" comment="This version is out-of-date" date="1540513030" name="GMS.pdf" path="GMS.pdf" size="354666" user="BrianMajor" version="1"

Revision 82019-04-01 - BrianMajor

META TOPICPARENT	name="IvoaGridAndWebServices"

Group Membership Service Working Draft

TOC

Group Membership Service Working Draft

Working Draft

The most recent published Working Draft can be found here: Group Membership Service

Comments from the community to be considered

The idea at the bottom of p9 is worth exploring... identity=x509:?? -- PatrickDowler - 2018-11-06

Added:

>
>

In the section describing possible future enhancements, specifically a way to manage groups, references should be made to the IETF RFCs 7642, 7643, and 7644, which make up the SCIM (System for Cross-Identity management). These RFCs were brought to my attention by MathieuServillat -- BrianMajor - 2019-03-22

Comments accepted and applied to the non-published version of the working draft

Added:

>
>

all currently in the published version

Comments accepted and applied to the latest, published working draft

Why the fixed /gms part of he path? Just to give the group uri scheme some recognisability? We could also go vospace style , eg gms://authority/path?group to get that but with simpler extraction if the resource ID... I think path restriction will rub people the wrong way. It really means it is hard to embed gms capabilities into other existing services where you already chose the resource id -- PatrickDowler - 2018-11-06
- +1 for me on the gms:// schema solution. It leaves the local part of the IVOID (URI) opaque as it should and free-to-manage by the providers. -- MarcoMolinaro - 2018-11-07
  - I've changed the gms ivoid to be in the gms:// form suggested above. -- BrianMajor - 2019-03-22

I think user and principal are misleading param names; user is a collection of identities so maybe identity would be better. I'm not sure how the term principal is used outside the java APIs, but I would thing identiyType or idType would make this more clear.
- The two optional parameters have been renamed 'identity' and 'identityType' . -- BrianMajor - 2019-03-22

Paraphrased from an email from MarkTaylor: the use of 403 as the response code to indicate non-membership doesn't seem correct.
- I agree and have changed the API definition of GET to /search/groups/{group} to simply return an empty list of groups and 200 (OK) to mirror the API for GET to /search/groups -- BrianMajor - 2019-03-22

Paraphrased from an email from MarkTaylor: the existence of both a functional and REST definition of the GMS API is confusing.

Changed:

<
<

- Okay, thanks. I think I will put the API in tabular format instead and hopefully that will help clarify that section. -- BrianMajor - 2019-03-22

>
>

- Okay, thanks. I think I will put the API in tabular format instead and hopefully that will help clarify that section. -- BrianMajor - 2019-03-22

- - Now in a table. BrianMajor - 2019-03-29

Deleted:

<
<

Comments accepted and applied to the latest, published working draft

none so far

<-- 
 
 
 Set ALLOWTOPICRENAME = TWikiAdminGroup
 
 
-->

META FILEATTACHMENT	attachment="GMS.pdf" attr="h" comment="This version is out-of-date" date="1540513030" name="GMS.pdf" path="GMS.pdf" size="354666" user="BrianMajor" version="1"

Revision 72019-03-29 - BrianMajor

META TOPICPARENT	name="IvoaGridAndWebServices"

Group Membership Service Working Draft

TOC

Group Membership Service Working Draft

Working Draft

The most recent published Working Draft can be found here: Group Membership Service

Comments from the community to be considered

The idea at the bottom of p9 is worth exploring... identity=x509:?? -- PatrickDowler - 2018-11-06

Deleted:

<
<

Paraphrased from an email from MarkTaylor: the existence of both a functional and REST definition of the GMS API is confusing.
- Okay, thanks. I think I will put the API in tabular format instead and hopefully that will help clarify that section. -- BrianMajor - 2019-03-22

In the section describing possible future enhancements, specifically a way to manage groups, references should be made to the IETF RFCs 7642, 7643, and 7644, which make up the SCIM (System for Cross-Identity management). These RFCs were brought to my attention by MathieuServillat -- BrianMajor - 2019-03-22

Comments accepted and applied to the non-published version of the working draft

Why the fixed /gms part of he path? Just to give the group uri scheme some recognisability? We could also go vospace style , eg gms://authority/path?group to get that but with simpler extraction if the resource ID... I think path restriction will rub people the wrong way. It really means it is hard to embed gms capabilities into other existing services where you already chose the resource id -- PatrickDowler - 2018-11-06
- +1 for me on the gms:// schema solution. It leaves the local part of the IVOID (URI) opaque as it should and free-to-manage by the providers. -- MarcoMolinaro - 2018-11-07
  - I've changed the gms ivoid to be in the gms:// form suggested above. -- BrianMajor - 2019-03-22

I think user and principal are misleading param names; user is a collection of identities so maybe identity would be better. I'm not sure how the term principal is used outside the java APIs, but I would thing identiyType or idType would make this more clear.
- The two optional parameters have been renamed 'identity' and 'identityType' . -- BrianMajor - 2019-03-22

Paraphrased from an email from MarkTaylor: the use of 403 as the response code to indicate non-membership doesn't seem correct.
- I agree and have changed the API definition of GET to /search/groups/{group} to simply return an empty list of groups and 200 (OK) to mirror the API for GET to /search/groups -- BrianMajor - 2019-03-22

Added:

>
>

Paraphrased from an email from MarkTaylor: the existence of both a functional and REST definition of the GMS API is confusing.
- Okay, thanks. I think I will put the API in tabular format instead and hopefully that will help clarify that section. -- BrianMajor - 2019-03-22
  - Now in a table. BrianMajor - 2019-03-29

Comments accepted and applied to the latest, published working draft

none so far

Deleted:

<
<

<-- 
 
 
 Set ALLOWTOPICRENAME = TWikiAdminGroup
 
 
-->

META FILEATTACHMENT	attachment="GMS.pdf" attr="h" comment="This version is out-of-date" date="1540513030" name="GMS.pdf" path="GMS.pdf" size="354666" user="BrianMajor" version="1"

Revision 62019-03-22 - BrianMajor

  META TOPICPARENT 
  name="IvoaGridAndWebServices"  

 Group Membership Service Working Draft 



TOC

 
  Group Membership Service Working Draft 
  Working Draft
   Comments from the community to be considered
   Comments accepted and applied to the non-published version of the working draft
   Comments accepted and applied to the latest, published working draft
 
 




 Working Draft 

The most recent published Working Draft can be found here: Group Membership Service

 Comments from the community to be considered
- META TOPICPARENT
+  name="IvoaGridAndWebServices"
-<
<
+ I think user and principal are misleading param names; user is a collection of identities so maybe identity would be better. I'm not sure how the term principal is used outside the java APIs, but I would thing identiyType or idType would make this more clear. The idea at the bottom of p9 is worth exploring... identity=x509:?? -- PatrickDowler - 2018-11-06
->
>
+ The idea at the bottom of p9 is worth exploring... identity=x509:?? -- PatrickDowler - 2018-11-06
->
>
+ Paraphrased from an email from MarkTaylor: the existence of both a functional and REST definition of the GMS API is confusing.  
 Okay, thanks. I think I will put the API in tabular format instead and hopefully that will help clarify that section. -- BrianMajor - 2019-03-22
 
  In the section describing possible future enhancements, specifically a way to manage groups, references should be made to the IETF RFCs 7642, 7643, and 7644, which make up the SCIM (System for Cross-Identity management). These RFCs were brought to my attention by MathieuServillat -- BrianMajor - 2019-03-22
->
>
+ Comments accepted and applied to the non-published version of the working draft
  Why the fixed /gms part of he path? Just to give the group uri scheme some recognisability? We could also go vospace style , eg gms://authority/path?group to get that but with simpler extraction if the resource ID... I think path restriction will rub people the wrong way. It really means it is hard to embed gms capabilities into other existing services where you already chose the resource id -- PatrickDowler - 2018-11-06
-<
<
+ +1 for me on the gms:// schema solution. It leaves the local part of the IVOID (URI) opaque as it should and free-to-manage by the providers. -- MarcoMolinaro - 2018-11-07
->
>
+ +1 for me on the gms:// schema solution. It leaves the local part of the IVOID (URI) opaque as it should and free-to-manage by the providers. -- MarcoMolinaro - 2018-11-07
->
>
+ I've changed the gms ivoid to be in the gms:// form suggested above. -- BrianMajor - 2019-03-22
-<
<
+ Comments already addressed and applied to the latest, published working draft
->
>
+ I think user and principal are misleading param names; user is a collection of identities so maybe identity would be better. I'm not sure how the term principal is used outside the java APIs, but I would thing identiyType or idType would make this more clear.
->
>
+ The two optional parameters have been renamed 'identity' and 'identityType' . -- BrianMajor - 2019-03-22
-<
<
+ None so far
->
>
+ Paraphrased from an email from MarkTaylor: the use of 403 as the response code to indicate non-membership doesn't seem correct.
->
>
+ I agree and have changed the API definition of GET to /search/groups/{group} to simply return an empty list of groups and 200 (OK) to mirror the API for GET to /search/groups -- BrianMajor - 2019-03-22
 
 

 Comments accepted and applied to the latest, published working draft 
 

 none so far
 <-- 
 
 
 Set ALLOWTOPICRENAME = TWikiAdminGroup
 
 
-->




 META FILEATTACHMENT 
  attachment="GMS.pdf" attr="h" comment="This version is out-of-date" date="1540513030" name="GMS.pdf" path="GMS.pdf" size="354666" user="BrianMajor" version="1"
- META FILEATTACHMENT
+  attachment="GMS.pdf" attr="h" comment="This version is out-of-date" date="1540513030" name="GMS.pdf" path="GMS.pdf" size="354666" user="BrianMajor" version="1"

Revision 52019-03-15 - BrianMajor

  META TOPICPARENT 
  name="IvoaGridAndWebServices"  

 Group Membership Service Working Draft 



TOC

 
  Group Membership Service Working Draft 
  Working Draft
   Comments from the community to be considered
   Comments accepted and applied to the non-published version of the working draft
   Comments accepted and applied to the latest, published working draft
 
 




 Working Draft 

The most recent published Working Draft can be found here: Group Membership Service

 Comments from the community to be considered
- META TOPICPARENT
+  name="IvoaGridAndWebServices"
-<
<
+ I think user and principal are misleading param names; user is a collection of identities so maybe identity would be better. I'm not sure how the term principal is used outside the java APIs, but I would thing identiyType or idType would make this more clear. The idea at the bottom of p9 is worth exploring... identity=x509:?? -- IVOA.Patrick.Dowler - 2018-11-06
->
>
+ I think user and principal are misleading param names; user is a collection of identities so maybe identity would be better. I'm not sure how the term principal is used outside the java APIs, but I would thing identiyType or idType would make this more clear. The idea at the bottom of p9 is worth exploring... identity=x509:?? -- PatrickDowler - 2018-11-06
-<
<
+ Why the fixed /gms part of he path? Just to give the group uri scheme some recognisability? We could also go vospace style , eg gms://authority/path?group to get that but with simpler extraction if the resource ID... I think path restriction will rub people the wrong way. It really means it is hard to embed gms capabilities into other existing services where you already chose the resource id  -- IVOA.Patrick.Dowler - 2018-11-06
->
>
+ Why the fixed /gms part of he path? Just to give the group uri scheme some recognisability? We could also go vospace style , eg gms://authority/path?group to get that but with simpler extraction if the resource ID... I think path restriction will rub people the wrong way. It really means it is hard to embed gms capabilities into other existing services where you already chose the resource id -- PatrickDowler - 2018-11-06
  +1 for me on the gms:// schema solution. It leaves the local part of the IVOID (URI) opaque as it should and free-to-manage by the providers. -- MarcoMolinaro - 2018-11-07
-<
<
+ Comments already applied to the latest, published working draft
->
>
+ Comments already addressed and applied to the latest, published working draft
  None so far
 
<-- 
 
 
 Set ALLOWTOPICRENAME = TWikiAdminGroup
 
 
-->
-<
<
+ META FILEATTACHMENT 
  attachment="GMS.pdf" attr="" comment="" date="1540513030" name="GMS.pdf" path="GMS.pdf" size="354666" user="BrianMajor" version="1"
- META FILEATTACHMENT
+  attachment="GMS.pdf" attr="" comment="" date="1540513030" name="GMS.pdf" path="GMS.pdf" size="354666" user="BrianMajor" version="1"
->
>
+ META FILEATTACHMENT 
  attachment="GMS.pdf" attr="h" comment="This version is out-of-date" date="1540513030" name="GMS.pdf" path="GMS.pdf" size="354666" user="BrianMajor" version="1"
- META FILEATTACHMENT
+  attachment="GMS.pdf" attr="h" comment="This version is out-of-date" date="1540513030" name="GMS.pdf" path="GMS.pdf" size="354666" user="BrianMajor" version="1"

Revision 42018-11-07 - MarcoMolinaro

META TOPICPARENT	name="IvoaGridAndWebServices"

Group Membership Service Working Draft

TOC

Group Membership Service Working Draft

Working Draft

The most recent published Working Draft can be found here: Group Membership Service

Comments from the community to be considered

I think user and principal are misleading param names; user is a collection of identities so maybe identity would be better. I'm not sure how the term principal is used outside the java APIs, but I would thing identiyType or idType would make this more clear. The idea at the bottom of p9 is worth exploring... identity=x509:?? -- IVOA.Patrick.Dowler - 2018-11-06

Why the fixed /gms part of he path? Just to give the group uri scheme some recognisability? We could also go vospace style , eg gms://authority/path?group to get that but with simpler extraction if the resource ID... I think path restriction will rub people the wrong way. It really means it is hard to embed gms capabilities into other existing services where you already chose the resource id -- IVOA.Patrick.Dowler - 2018-11-06

Added:

>
>

- +1 for me on the gms:// schema solution. It leaves the local part of the IVOID (URI) opaque as it should and free-to-manage by the providers. -- MarcoMolinaro - 2018-11-07

Comments already applied to the latest, published working draft

None so far

<-- 
 
 
 Set ALLOWTOPICRENAME = TWikiAdminGroup
 
 
-->

META FILEATTACHMENT	attachment="GMS.pdf" attr="" comment="" date="1540513030" name="GMS.pdf" path="GMS.pdf" size="354666" user="BrianMajor" version="1"

Revision 32018-11-06 - BrianMajor

  META TOPICPARENT 
  name="IvoaGridAndWebServices"  

 Group Membership Service Working Draft 



TOC

 
  Group Membership Service Working Draft 
  Working Draft
   Comments from the community to be considered
   Comments accepted and applied to the non-published version of the working draft
   Comments accepted and applied to the latest, published working draft
 
 




 Working Draft 

The most recent published Working Draft can be found here: Group Membership Service

 Comments from the community to be considered
- META TOPICPARENT
+  name="IvoaGridAndWebServices"
-<
<
+ Please add your comments here with your signature
->
>
+ I think user and principal are misleading param names; user is a collection of identities so maybe identity would be better. I'm not sure how the term principal is used outside the java APIs, but I would thing identiyType or idType would make this more clear. The idea at the bottom of p9 is worth exploring... identity=x509:?? -- IVOA.Patrick.Dowler - 2018-11-06
->
>
+ Why the fixed /gms part of he path? Just to give the group uri scheme some recognisability? We could also go vospace style , eg gms://authority/path?group to get that but with simpler extraction if the resource ID... I think path restriction will rub people the wrong way. It really means it is hard to embed gms capabilities into other existing services where you already chose the resource id  -- IVOA.Patrick.Dowler - 2018-11-06
  Comments already applied to the latest, published working draft 
 

 None so far
-<
<
->
>
+ META FILEATTACHMENT 
  attachment="GMS.pdf" attr="" comment="" date="1540513030" name="GMS.pdf" path="GMS.pdf" size="354666" user="BrianMajor" version="1"
- META FILEATTACHMENT
+  attachment="GMS.pdf" attr="" comment="" date="1540513030" name="GMS.pdf" path="GMS.pdf" size="354666" user="BrianMajor" version="1"

Revision 22018-11-02 - BrianMajor

  META TOPICPARENT 
  name="IvoaGridAndWebServices"  

 Group Membership Service Working Draft 



TOC

 
  Group Membership Service Working Draft 
  Working Draft
   Comments from the community to be considered
   Comments accepted and applied to the non-published version of the working draft
   Comments accepted and applied to the latest, published working draft
 
 




 Working Draft
- META TOPICPARENT
+  name="IvoaGridAndWebServices"
-<
<
+The latest version of the working draft can be found here:  Group Membership Service
->
>
+The most recent published Working Draft can be found here: Group Membership Service
-<
<
+ Comments from the community
->
>
+ Comments from the community to be considered
->
>
+ Please add your comments here with your signature
 

 Comments already applied to the latest, published working draft 
 

 None so far
  <-- 
 
 
 Set ALLOWTOPICRENAME = TWikiAdminGroup
 
 
-->




 META FILEATTACHMENT 
  attachment="GMS.pdf" attr="" comment="" date="1540513030" name="GMS.pdf" path="GMS.pdf" size="354666" user="BrianMajor" version="1"
- META FILEATTACHMENT
+  attachment="GMS.pdf" attr="" comment="" date="1540513030" name="GMS.pdf" path="GMS.pdf" size="354666" user="BrianMajor" version="1"

Revision 12018-10-26 - BrianMajor

META TOPICPARENT	name="IvoaGridAndWebServices"

Group Membership Service Working Draft

TOC

Group Membership Service Working Draft

Working Draft

The latest version of the working draft can be found here: Group Membership Service

Comments from the community

<-- 
 
 
 Set ALLOWTOPICRENAME = TWikiAdminGroup
 
 
-->

META FILEATTACHMENT	attachment="GMS.pdf" attr="" comment="" date="1540513030" name="GMS.pdf" path="GMS.pdf" size="354666" user="BrianMajor" version="1"

View topic | History: r10 < r9 < r8 < r7 | More topic actions...